[WEB SECURITY] RE: Defeating nonce/token based CSRF protection

Jeroen van Dongen jeroen at jkwadraat.net
Fri Apr 18 14:28:42 EDT 2008


Thanks all for the answers -

Mike Duncan summarised it nicely I guess:
"...and we are answering: Yes, this is possible but security in depth is
the best defense against this."

Thanks again,
Jeroen
